89 matches found
WordPress plugin Default Thumbnail Plus security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
PT-2024-37539 · WordPress · Imgspider
Name of the Vulnerable Software and Affected Versions: IMGspider plugin for WordPress versions up to, and including, 2.3.10 Description: The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload img file function. This makes it...
EUVD-2024-26994
The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handlefoldersfileupload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload...
WordPress plugin All-in-One Video Gallery 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...
PT-2023-11848 · WordPress · Simple:Press
Name of the Vulnerable Software and Affected Versions: The Simple:Press – WordPress Forum Plugin for WordPress versions up to, and including, 6.6.0 Description: The issue is related to arbitrary file uploads due to missing file type validation in the...
WordPress Plugin Delete All Comments 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
PT-2023-15935 · WordPress · Adsanity
Name of the Vulnerable Software and Affected Versions: AdSanity plugin for WordPress versions up to, and including, 1.8.1 Description: The issue is related to missing file type validation in the ajax upload function, allowing authenticated attackers with Contributor+ level privileges to upload...
CVE-2021-34619
The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file...
VulnCheck KEV: CVE-2020-36705
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ninguploadimage function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...